[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 28 Apr, 2013, at 8:35 pm, Martijn Grooten wrote:
I have to say I am a little sceptical about the scalability of the web of trust to every man and his dog. There have been several issues with the "web of trust" of certificate authorities to the point where many people believe that the idea of certificate authorities is broken. And these are organisations tend to spend a lot of money and effort into making sure they don't sign the wrong certificates.
OK, I guessed wrong, you aren't clear on the web of trust.What you're criticizing here (absolutely correctly, no argument there) is the non-web-of-trust where trust resides in centralized commercial self-declared "certificate authorities". An obviously bogus idea, pure snake oil.
The web of trust, as its name implies, in harmony with the anarchist principles of the internet and free software, is decentralized, non- hierarchical, co-operative ("mutualist"), distributed, and without authorities. It makes no pretence to any such thing as absolute, authoritative trust (beyond the simplest case, when I actually know you personally). The web of trust provides degrees of trust exactly analogous to the concept of "degrees of separation", that is, how many people who know each other separate any two individuals.
The important thing to remember about the web of trust is that the "trust" involved is that people are who they say they are, nothing more; in particular, it is no kind of measure of how generally trustworthy someone is, just that they have been "trustily" identified.
-- Phil Hudson http://hudson-it.no-ip.biz @UWascalWabbit PGP/GnuPG ID: 0x887DCA63 -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq